Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/4HdKTdn8wAyNuCx4OrTpxbYHwzQ.roa
File:                     4HdKTdn8wAyNuCx4OrTpxbYHwzQ.roa (raw, json)
Hash identifier:          M8ePxYwh9UrWelfK5KQn0YFP78fKnGQ60Oy8bIJc5hc=
Subject key identifier:   E0:77:4A:4D:D9:FC:C0:0C:8D:B8:2C:78:3A:B4:E9:C5:B6:07:C3:34
Certificate issuer:       /CN=eb78358a6a97d19b2f5afff1cfc793fbb4eafc9d
Certificate serial:       018CC5011B691A7C3B23F9743B28D3C21180
Authority key identifier: EB:78:35:8A:6A:97:D1:9B:2F:5A:FF:F1:CF:C7:93:FB:B4:EA:FC:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/4HdKTdn8wAyNuCx4OrTpxbYHwzQ.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        31.204.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1b:69:1a:7c:3b:23:f9:74:3b:28:d3:c2:11:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb78358a6a97d19b2f5afff1cfc793fbb4eafc9d
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0774a4dd9fcc00c8db82c783ab4e9c5b607c334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:60:5e:00:ea:5d:fb:a0:40:37:9c:00:95:ad:
                    11:25:d8:a6:9c:d1:34:bc:f9:41:ae:fd:51:c7:6c:
                    0a:e5:7a:5f:62:14:c9:00:90:a6:df:3e:36:3d:b4:
                    8c:aa:95:ca:e6:e4:22:9f:9f:7e:c4:f8:3e:34:aa:
                    e1:7f:e0:ed:db:73:b5:07:83:1e:12:fd:41:92:7a:
                    2e:a7:de:6d:3d:a5:d0:81:b5:07:f1:ef:99:b4:19:
                    58:39:44:cb:6b:84:2c:f3:9e:84:15:56:52:86:d8:
                    dd:56:3e:28:35:93:3b:3a:06:d3:d3:eb:a0:dc:f8:
                    f4:6c:61:9a:e9:66:24:e2:8e:72:a1:2f:0b:4e:93:
                    75:45:3b:36:8c:00:e1:cc:c0:15:ed:9c:45:35:fb:
                    be:17:0e:55:e2:65:0b:e4:28:7f:fd:de:25:a2:82:
                    9e:37:0b:65:1a:11:ca:19:77:e3:80:12:f9:2d:53:
                    f1:68:2b:71:9c:1f:0f:c9:49:20:d2:6f:72:91:e1:
                    d0:8e:a3:9e:19:f5:56:a5:75:5c:26:6a:42:2b:1d:
                    2d:cf:ff:f2:11:be:54:ca:29:fb:fc:07:cb:98:59:
                    04:68:ef:8e:79:cf:e0:9e:05:9b:6b:01:ae:5e:25:
                    ec:78:a0:fa:51:51:55:e0:16:e7:89:bb:4e:e7:a9:
                    ab:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:77:4A:4D:D9:FC:C0:0C:8D:B8:2C:78:3A:B4:E9:C5:B6:07:C3:34
            X509v3 Authority Key Identifier:
                keyid:EB:78:35:8A:6A:97:D1:9B:2F:5A:FF:F1:CF:C7:93:FB:B4:EA:FC:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/4HdKTdn8wAyNuCx4OrTpxbYHwzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.204.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:f7:45:0c:56:f4:9d:b8:3b:83:d2:96:76:88:3e:d1:7c:43:
         c1:c8:b2:26:bf:dd:f0:da:8e:64:47:20:72:1f:85:75:ea:6b:
         b7:09:68:cc:5e:14:36:51:eb:3d:2e:22:4b:7a:39:61:15:05:
         79:bb:5e:54:1b:93:33:71:fd:a2:b1:ae:29:74:67:5b:bd:53:
         ef:0a:12:69:70:be:0e:81:4e:ad:17:0e:86:31:be:0b:ad:e7:
         72:8f:33:03:85:7c:b3:9f:10:d7:f4:6b:e8:65:9e:a1:2d:31:
         0b:a8:f1:26:62:88:39:b1:31:1b:ed:25:56:b1:08:33:55:f4:
         91:91:d3:7d:38:bd:ca:9b:be:fc:11:1c:2a:b7:5d:7a:e7:e9:
         1e:4b:90:5b:3b:f4:f1:93:17:42:81:0e:1b:fb:14:c6:52:13:
         0c:16:0b:6e:36:a6:89:e0:06:d1:48:48:45:83:da:50:ea:4b:
         89:b8:c7:f5:a0:19:ee:18:88:e5:ae:7f:87:04:9e:0c:3e:59:
         1a:0d:24:ba:d0:6e:37:4c:8b:5d:04:7c:2b:f3:59:94:f2:f3:
         d2:b0:b5:52:3f:fe:4a:b9:a5:55:c8:69:33:1f:a9:65:8d:39:
         d4:76:5c:ee:4f:c0:3c:31:eb:1e:dc:26:d0:2e:c8:60:a3:97:
         82:71:4a:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARtpGnw7I/l0OyjTwhGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNzgzNThhNmE5N2QxOWIyZjVhZmZmMWNmYzc5M2ZiYjRl
YWZjOWQwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc3NGE0ZGQ5ZmNjMDBjOGRiODJjNzgzYWI0ZTljNWI2MDdjMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmBeAOpd+6BAN5wAla0RJdimnNE0
vPlBrv1Rx2wK5XpfYhTJAJCm3z42PbSMqpXK5uQin59+xPg+NKrhf+Dt23O1B4Me
Ev1Bknoup95tPaXQgbUH8e+ZtBlYOUTLa4Qs856EFVZShtjdVj4oNZM7OgbT0+ug
3Pj0bGGa6WYk4o5yoS8LTpN1RTs2jADhzMAV7ZxFNfu+Fw5V4mUL5Ch//d4looKe
NwtlGhHKGXfjgBL5LVPxaCtxnB8PyUkg0m9ykeHQjqOeGfVWpXVcJmpCKx0tz//y
Eb5Uyin7/AfLmFkEaO+Oec/gngWbawGuXiXseKD6UVFV4BbnibtO56mrdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB3Sk3Z/MAMjbgseDq06cW2B8M0MB8GA1UdIwQY
MBaAFOt4NYpql9GbL1r/8c/Hk/u06vydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjNnMWltcVgwWnN2V3ZfeHo4ZVQtN1RxX0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80NjhiNzUtNTk5NC00OGZiLWE4NWQt
NGE1ZWVkMWVlNWJjLzEvNEhkS1Rkbjh3QXlOdUN4NE9yVHB4YllId3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80NjhiNzUtNTk5NC00OGZiLWE4NWQtNGE1ZWVkMWVlNWJj
LzEvNjNnMWltcVgwWnN2V3ZfeHo4ZVQtN1RxX0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH8waMA0G
CSqGSIb3DQEBCwUAA4IBAQAH90UMVvSduDuD0pZ2iD7RfEPByLImv93w2o5kRyBy
H4V16mu3CWjMXhQ2Ues9LiJLejlhFQV5u15UG5Mzcf2isa4pdGdbvVPvChJpcL4O
gU6tFw6GMb4LredyjzMDhXyznxDX9GvoZZ6hLTELqPEmYog5sTEb7SVWsQgzVfSR
kdN9OL3Km778ERwqt1165+keS5BbO/TxkxdCgQ4b+xTGUhMMFgtuNqaJ4AbRSEhF
g9pQ6kuJuMf1oBnuGIjlrn+HBJ4MPlkaDSS60G43TItdBHwr81mU8vPSsLVSP/5K
uaVVyGkzH6lljTnUdlzuT8A8Mese3CbQLshgo5eCcUqr
-----END CERTIFICATE-----